Log in Get Started Free
  • JP 日本語
  • US English
  • CN 简体中文
  • TW 繁體中文
  • KR 한국어
  • ES Español
  • FR Français
  • DE Deutsch
  • PT Português
  • ID Indonesia
  • IN हिन्दी
  • SA العربية

WeProcess Privacy Policy

Effective Date:February 26, 2026

This Privacy Policy is provided in Japanese as the authoritative version. The Japanese version shall prevail in case of any discrepancy.

Mitsugu Sugiuchi (hereinafter referred to as "the Company") hereby establishes this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of users' personal information in the project management service "WeProcess" (hereinafter referred to as "the Service") provided by the Company.

This Policy is intended to comply with the laws and regulations on personal information protection applicable to users of the Service in each country and region, including Japan's Act on the Protection of Personal Information and the EU General Data Protection Regulation (GDPR).

Article 1 (Information We Collect)

The Company collects the following information in providing the Service.

1. Information directly provided by users

  1. Account registration information (name, email address, password, etc.)
  2. Profile information (display name, icon image, etc.)
  3. Payment information (credit card information, etc. However, payment processing is performed by Stripe, Inc., and the Company does not directly retain credit card numbers.)
  4. Inquiry details (content of communications via email, telephone, etc.)
  5. Team information (team name, email addresses of invited members, etc.)

2. Information automatically collected through use of the Service

  1. Access logs (IP address, browser type, access date and time, referring URL, etc.)
  2. Usage information (features used, operation history, usage duration, etc.)
  3. Device information (OS, screen resolution, language settings, etc.)
  4. Information collected through cookies and similar technologies

3. Information obtained from third parties

  1. Information provided by external authentication services (such as Google) when creating an account using such services (name, email address, profile image, etc.)

Article 2 (Purpose of Use and Legal Basis)

The Company uses collected personal information for the following purposes. For users subject to the GDPR, the legal basis corresponding to each purpose of use is also indicated.

Purpose of Use Legal Basis (GDPR)
1. Provision, operation, maintenance, and improvement of the ServicePerformance of Contract
2. Account creation, authentication, and managementPerformance of Contract
3. Billing and payment processingPerformance of Contract
4. Responding to user inquiriesPerformance of Contract / Legitimate Interests
5. Sending notifications regarding the ServicePerformance of Contract
6. Addressing violations of the Terms of ServiceLegitimate Interests
7. Detection and prevention of unauthorized access and misuseLegitimate Interests
8. Analysis of usage and improvement of service qualityLegitimate Interests
9. Development of new features and servicesLegitimate Interests
10. Sending marketing and promotional communicationsUser Consent
11. Compliance with legal obligationsLegal Obligation

Article 3 (Disclosure of Personal Information to Third Parties)

The Company shall not provide personal information to third parties without the user's consent, except in the following cases.

  1. When required by law
  2. When necessary for the protection of life, body, or property of an individual, and when it is difficult to obtain the consent of the user
  3. When particularly necessary for improving public health or promoting the sound development of children, and when it is difficult to obtain the consent of the user
  4. When it is necessary to cooperate with a national or local government agency or a person entrusted by such agency in performing duties prescribed by law, and when obtaining the consent of the user may impede the performance of such duties

Article 4 (Provision to Outsourced Service Providers)

The Company may outsource all or part of the handling of personal information to external service providers to the extent necessary to achieve the purposes of use. In such cases, the Company shall exercise necessary and appropriate supervision over the outsourced parties to ensure the secure management of personal information.

The primary outsourced service providers for the Service are as follows.

  1. Stripe, Inc. — Payment processing
  2. Hosting service providers — Server operation and data storage
  3. Analytics service providers — Analysis of usage

For outsourced parties handling data of users subject to the GDPR, the Company shall enter into data processing agreements pursuant to Article 28 of the GDPR and ensure appropriate protective measures.

Article 5 (Use of Cookies)

  1. The Company uses cookies and similar technologies in the Service.
  2. Cookies are classified into the following categories.
    Category Purpose Consent Required
    Essential CookiesCookies essential for the basic operation of the Service, such as maintaining login status and ensuring securityNot required (essential for service provision)
    Functional CookiesSaving user settings and preferences (language, theme, etc.)Required
    Analytics CookiesAnalysis and improvement of service usageRequired
  3. For users accessing from the EEA (European Economic Area), the United Kingdom, or Switzerland, consent for the use of cookies other than essential cookies will be requested upon first access.
  4. Users may change their cookie acceptance settings at any time through browser settings or the cookie settings screen. However, rejecting essential cookies may prevent the Service from functioning properly.

Article 6 (Security Measures)

The Company takes the following measures to prevent leakage, loss, or damage of personal information and to ensure the secure management of personal information.

  1. Organizational security measures — Appointing a person responsible for the handling of personal information and clarifying the scope of personal information handled.
  2. Technical security measures — Implementing technical measures such as encryption of communications (SSL/TLS), access control, and data encryption.
  3. Physical security measures — Taking measures to prevent theft or loss of equipment and electronic media used to handle personal information.

Article 7 (Data Retention Period)

  1. The Company retains personal information for the period necessary to achieve the purposes of use. The retention period is determined considering legal obligations, contractual necessity, and reasonable expectations of users.
  2. Data handling after account deletion is as follows.
    1. User Content — Retained for 30 days after account deletion, then deleted.
    2. Account Information — Deleted promptly after account deletion. However, if retention is required by law, it will be retained for the period prescribed by such law.
    3. Payment History — Retained for the period required by law (such as the Electronic Books Preservation Act).
    4. Access Logs — Retained for a maximum of one year for security and fraud prevention purposes.

Article 8 (User Rights — Japan's Act on the Protection of Personal Information)

Under Japan's Act on the Protection of Personal Information, users may make the following requests to the Company. The Company shall respond within a reasonable period after confirming that the request is from the user themselves.

  1. Request for disclosure — Users may request disclosure of their personal information held by the Company.
  2. Request for correction, addition, or deletion — Users may request correction, addition, or deletion if the content of their personal information is inaccurate.
  3. Request for suspension or erasure of use — Users may request suspension or erasure of use if personal information is being used beyond the scope of the purposes of use.
  4. Data portability — Users may export their User Content through the account settings screen of the Service.

Article 9 (User Rights — GDPR)

Users residing in the EEA, the United Kingdom, or Switzerland have the following rights under the GDPR, in addition to the rights set forth in Article 8.

  1. Right of access (Article 15) — The right to obtain a copy of personal data processed by the Company.
  2. Right to rectification (Article 16) — The right to request rectification of inaccurate personal data.
  3. Right to erasure (right to be forgotten) (Article 17) — The right to request erasure of personal data under certain conditions. The Company shall respond promptly, except where retention is necessary for compliance with legal obligations.
  4. Right to restriction of processing (Article 18) — The right to request restriction of processing of personal data under certain conditions.
  5. Right to data portability (Article 20) — The right to receive personal data provided to the Company in a structured, commonly used, and machine-readable format.
  6. Right to object (Article 21) — The right to object to processing based on legitimate interests. Objections to processing for marketing purposes shall be accepted unconditionally.
  7. Right to withdraw consent — The right to withdraw consent at any time for processing based on consent. Withdrawal of consent shall not affect the lawfulness of processing prior to withdrawal.
  8. Right to lodge a complaint with a supervisory authority — The right to lodge a complaint with the data protection supervisory authority of the user's country of residence regarding the Company's processing of personal data.

To exercise the above rights, please contact us through the inquiry desk described in Article 15. The Company shall respond within one month in principle. If the request is complex or numerous, it may be extended by an additional two months. In such cases, the user will be notified along with the reasons for the extension.

Article 10 (International Data Transfers)

  1. If the servers of the Service or outsourced service providers are located overseas, users' personal information may be transferred outside of Japan.
  2. When transferring personal data of users residing in the EEA, the United Kingdom, or Switzerland to a country that the European Commission has not recognized as having an adequate level of data protection, the Company shall implement one of the following safeguards.
    1. Execution of Standard Contractual Clauses (SCCs) approved by the European Commission
    2. Confirmation that the data transfer recipient has obtained appropriate data protection certification
    3. Other appropriate safeguards recognized by the GDPR
  3. Users may request details of the safeguards regarding data transfers through the inquiry desk in Article 15.

Article 11 (Use by Minors)

  1. In Japan, consent of a legal representative is required for minors (under 18 years of age) to use the Service.
  2. In the EEA, the United Kingdom, or Switzerland, parental consent is required for persons under 16 years of age to use the Service. However, if this age is lowered by the laws of a member state, the laws of that member state shall apply.
  3. The Company does not intentionally collect personal information of persons below the above ages without parental consent. If it is found that personal information of such persons has been collected without parental consent, the Company shall promptly delete such information.

Article 12 (Handling of Information in the AI Assistant Feature)

  1. Information entered by users in the AI assistant feature is used to generate responses for those users.
  2. The Company does not use information entered by users in the AI assistant feature for AI model training purposes.
  3. In providing the AI assistant feature, information may be transmitted to external AI service providers. In such cases, the Company shall enter into appropriate contracts with such providers and ensure the secure management of information.
  4. When transmitting data of users residing in the EEA, the United Kingdom, or Switzerland to external AI service providers, the safeguards set forth in Article 10 shall be implemented.

Article 13 (Response to Data Breaches)

  1. In the event of a personal data breach (leakage, unauthorized access, etc.), the Company shall promptly investigate the cause and endeavor to prevent the spread of damage.
  2. When a situation requiring reporting arises under Japan's Act on the Protection of Personal Information, the Company shall report to the Personal Information Protection Commission and notify the affected users.
  3. In the event of a breach involving data of users subject to the GDPR, the Company shall report to the competent data protection supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to pose a high risk to the rights and freedoms of users, the Company shall also notify the affected users without undue delay.

Article 14 (Changes to This Policy)

  1. The Company may change this Policy due to amendments to laws, changes to the Service, or other reasons.
  2. In the case of significant changes, the Company shall notify users at least 30 days prior to the effective date of the changes through notifications on the Service and email to the email address registered by the user.
  3. For changes affecting users subject to the GDPR, the Company shall clearly explain the content of the changes and, where necessary, obtain consent again.
  4. The revised Policy shall take effect on the effective date, unless otherwise specified by the Company.

Article 15 (Contact Information)

For inquiries regarding this Policy and requests for exercising rights related to personal information, please contact the following.

  • Business Operator: Mitsugu Sugiuchi
  • Address: Wind Ebisu Building 8F, 2-4-8 Ebisu-Nishi, Shibuya-ku, Tokyo 150-0021, Japan
  • Email: support@weprocess.site
  • Phone: 050-8896-2477

Users subject to the GDPR who are dissatisfied with the Company's response may lodge a complaint with the data protection supervisory authority of their country of residence.

End of Policy